Cyber Attacks Knocked U.S. Bank Websites Offline for 249 Hours in Past Six Weeks



Mike O'Brien
04/03/2013

The websites of major U.S. banks have gone offline for 249 hours in the past six weeks due to unrelenting cyber attacks, a new study has revealed.

The attacks, which began last November, have escalated in the last couple of months, with Bank of America, Wells Fargo, American Express and PNC among the banks targeted.

Related: Cyber Defense and Network Security

Internet monitoring company Keynote Systems carried out the research for NBC News by constantly checking the websites of 15 major banks, working with the corporations to set up dummy accounts..

In six weeks, ending on March 31, the outages totaled 249 hours. Avivah Litan, a bank security analyst with Gartner Group, told NBC: "Literally, these banks are just in war rooms, sitting at controls trying to stop the attacks. The frightening thing is the attackers are not using as much resources as they have on call. The attacks could be bigger."

Rodney Joffe, a senior technologist at Internet infrastructure company Neustar, added: "It goes on and on and on ... It's like they are kicking sand in someone's face, reminding people that they are there. You just have to ask yourself, 'Why?' The attackers just seem to enjoy being able to say 'On an ongoing basis, we can make life uncomfortable for your banking industry’."

A group calling itself Izz ad-Din al-Qassam Cyber Fighters initially claimed responsibility for the attacks last fall, but security officials say other organized groups could be involved.

It is thought the group is developing new attack techniques and is turning its attention to smaller banks.

A Distributed Denial of Service (D/DOS) attack occurs when so much illegitimate traffic bombards a website that regular users can't access its services.

Related: From Information Assurance to Cyber Operations: The Way Ahead

Mr. Joffe added: "The bad guys here are using just enough of their firepower to achieve their objectives and not more.

"They are creating a disruption to the banking industry. We already know if they wanted to make it bigger attack, they could, but it seems pretty clear that's not their intention."

Countering cyber crime will come under discussion at IDGA's Cyber Security and Network Defense summit in June. For full details, go to www.DefenseCyberSecurity.com